Add CaptivePortalURLLoaderThrottle.

This new blink::URLLoaderThrottle will disable DoH for navigation requests
issued in windows that were created for captive portal resolution. This
change is a no-op since CaptivePortalTabHelper::is_captive_portal_window
currently always returns false.

Change-Id: Idabd81c0b7db57c95d93e0f89c7acf9ab61630e4
Bug: 10161646
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1869728Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Katharine Daly <dalyk@google.com>
Cr-Commit-Position: refs/heads/master@{#726064}

chrome/browser/BUILD.gn

@@ -4443,6 +4443,8 @@ jumbo_static_library("browser") {
       "captive_portal/captive_portal_tab_helper.h",
       "captive_portal/captive_portal_tab_reloader.cc",
       "captive_portal/captive_portal_tab_reloader.h",
+      "captive_portal/captive_portal_url_loader_throttle.cc",
+      "captive_portal/captive_portal_url_loader_throttle.h",
       "ssl/captive_portal_metrics_recorder.cc",
       "ssl/captive_portal_metrics_recorder.h",
     ]

chrome/browser/captive_portal/captive_portal_browsertest.cc

@@ -1852,6 +1852,45 @@ IN_PROC_BROWSER_TEST_F(CaptivePortalBrowserTest, LoginFastTimeout) {
   Login(browser(), 0, 1);
 }
 
+// Test that a navigation in a tab that is part of a captive portal windoow
+// has secure DNS disabled.
+IN_PROC_BROWSER_TEST_F(CaptivePortalBrowserTest,
+                       CaptivePortalWindowNavigationDisableSecureDns) {
+  content::WebContents* web_contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  CaptivePortalTabHelper::FromWebContents(web_contents)
+      ->set_is_captive_portal_window();
+
+  ASSERT_TRUE(embedded_test_server()->Start());
+  GURL url(embedded_test_server()->GetURL("/title1.html"));
+  url::Origin origin = url::Origin::Create(url);
+
+  // Disable the interceptor that was set up during construction of the test.
+  // This is necessary since only one interceptor is allowed.
+  url_loader_interceptor_.reset();
+
+  std::unique_ptr<content::URLLoaderInterceptor> url_loader_interceptor;
+  bool invoked_interceptor = false;
+  url_loader_interceptor = std::make_unique<content::URLLoaderInterceptor>(
+      base::BindLambdaForTesting(
+          [&](content::URLLoaderInterceptor::RequestParams* params) {
+            if (params->url_request.url.spec().find("title1.html") !=
+                std::string::npos) {
+              invoked_interceptor = true;
+              EXPECT_TRUE(params->url_request.trusted_params);
+              EXPECT_TRUE(
+                  params->url_request.trusted_params->disable_secure_dns);
+              EXPECT_EQ(
+                  net::NetworkIsolationKey(origin, origin),
+                  params->url_request.trusted_params->network_isolation_key);
+            }
+            return false;
+          }));
+
+  ui_test_utils::NavigateToURL(browser(), url);
+  EXPECT_TRUE(invoked_interceptor);
+}
+
 // A cert error triggers a captive portal check and results in opening a login
 // tab.
 IN_PROC_BROWSER_TEST_F(CaptivePortalBrowserTest,

chrome/browser/captive_portal/captive_portal_tab_helper.cc

@@ -41,7 +41,8 @@ CaptivePortalTabHelper::CaptivePortalTabHelper(
           base::Bind(&CaptivePortalTabHelper::OpenLoginTabForWebContents,
                      web_contents,
                      false))),
-      login_detector_(new CaptivePortalLoginDetector(profile_)) {
+      login_detector_(new CaptivePortalLoginDetector(profile_)),
+      is_captive_portal_window_(false) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   registrar_.Add(this,
                  chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT,

chrome/browser/captive_portal/captive_portal_tab_helper.h

@@ -84,6 +84,9 @@ class CaptivePortalTabHelper
   static void OpenLoginTabForWebContents(content::WebContents* web_contents,
                                          bool focus);
 
+  bool is_captive_portal_window() const { return is_captive_portal_window_; }
+  void set_is_captive_portal_window() { is_captive_portal_window_ = true; }
+
  private:
   friend class CaptivePortalBrowserTest;
   friend class CaptivePortalTabHelperTest;
@@ -116,6 +119,10 @@ class CaptivePortalTabHelper
   std::unique_ptr<CaptivePortalTabReloader> tab_reloader_;
   std::unique_ptr<CaptivePortalLoginDetector> login_detector_;
 
+  // Whether this tab is part of a window that was constructed for captive
+  // portal resolution.
+  bool is_captive_portal_window_;
+
   content::NotificationRegistrar registrar_;
 
   WEB_CONTENTS_USER_DATA_KEY_DECL();

chrome/browser/captive_portal/captive_portal_url_loader_throttle.cc

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/captive_portal/captive_portal_url_loader_throttle.h"
+
+#include "chrome/browser/captive_portal/captive_portal_tab_helper.h"
+
+CaptivePortalURLLoaderThrottle::CaptivePortalURLLoaderThrottle(
+    content::WebContents* web_contents) {
+  is_captive_portal_window_ =
+      web_contents && CaptivePortalTabHelper::FromWebContents(web_contents) &&
+      CaptivePortalTabHelper::FromWebContents(web_contents)
+          ->is_captive_portal_window();
+}
+
+void CaptivePortalURLLoaderThrottle::WillStartRequest(
+    network::ResourceRequest* request,
+    bool* defer) {
+  if (!is_captive_portal_window_)
+    return;
+
+  if (!request->trusted_params)
+    request->trusted_params = network::ResourceRequest::TrustedParams();
+  request->trusted_params->disable_secure_dns = true;
+}

chrome/browser/captive_portal/captive_portal_url_loader_throttle.h

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CAPTIVE_PORTAL_CAPTIVE_PORTAL_URL_LOADER_THROTTLE_H_
+#define CHROME_BROWSER_CAPTIVE_PORTAL_CAPTIVE_PORTAL_URL_LOADER_THROTTLE_H_
+
+#include "content/public/browser/web_contents.h"
+#include "third_party/blink/public/common/loader/url_loader_throttle.h"
+
+// CaptivePortalURLLoaderThrottle is used in the browser process to
+// disable secure DNS for requests made from WebContents that belong to a
+// window that was created for captive portal resolution.
+class CaptivePortalURLLoaderThrottle : public blink::URLLoaderThrottle {
+ public:
+  explicit CaptivePortalURLLoaderThrottle(content::WebContents* web_contents);
+
+ private:
+  // blink::URLLoaderThrottle implementation.
+  void WillStartRequest(network::ResourceRequest* request,
+                        bool* defer) override;
+
+  // Whether the WebContents associated with this throttle belong to a window
+  // that was created for captive portal resolution.
+  bool is_captive_portal_window_;
+};
+
+#endif  // CHROME_BROWSER_CAPTIVE_PORTAL_CAPTIVE_PORTAL_URL_LOADER_THROTTLE_H_

chrome/browser/chrome_content_browser_client.cc

@@ -482,6 +482,7 @@
 
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
 #include "chrome/browser/captive_portal/captive_portal_tab_helper.h"
+#include "chrome/browser/captive_portal/captive_portal_url_loader_throttle.h"
 #endif
 
 #if BUILDFLAG(ENABLE_NACL)
@@ -4249,6 +4250,11 @@ ChromeContentBrowserClient::CreateURLLoaderThrottles(
   }
 #endif
 
+#if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
+  result.push_back(
+      std::make_unique<CaptivePortalURLLoaderThrottle>(wc_getter.Run()));
+#endif
+
   if (chrome_navigation_ui_data &&
       chrome_navigation_ui_data->prerender_mode() != prerender::NO_PRERENDER) {
     result.push_back(std::make_unique<prerender::PrerenderURLLoaderThrottle>(